Hi
I am discovering keycloak and I have been lost somewhere in the documentation, surely due to a lack of familiarity with the concepts.
My ultimate goal is to use various IDP to pass basic users informations to a web client as http headers via (go)gatekeeper.
For the moment, I am trying to figure out how to pass the email address of the user as known by the provider without letting the user overwrite it during the first broker login flow. Do I need to customize the flow?
I was hoping to find some mechanism to pass custom claims like a fixed literal representing the idp, or a relabelled claim (email claim of the idp behing relabelled real_email, for instance). I though that mappers may be the right tool but I am really puzzled by the documentation.
Later It will also need to pass things like roles, but I figured that it would be easier to start little with some toy example (and without gatekeeper).
What are the relevant concepts and how would you achieve my goal?